CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•12 views

CVE-2019-25730

CVE-2019-25730 affects Listing Hub CMS 1.0 . A vulnerability in the page pages.php where the id parameter is exploited via error-based SQL injection , allowing unauthenticated remote attackers to run arbitrary queries. The attacker can extract sensitive data such as database credentials, username...

Vulnrichment•added 4 days ago•6 views

CVE-2019-25730 Listing Hub CMS 1.0 SQL Injection via pages.php id

EUVD•added 4 days ago•6 views

EUVD-2019-20166

ATTACKERKB•added 4 days ago•4 views

CVE-2019-25730

Exploits0References5Affected Software1

Cvelist•added 4 days ago•31 views

CVE-2019-25730 Listing Hub CMS 1.0 SQL Injection via pages.php id

8.8CVSS0.00072EPSS

Positive Technologies•added 4 days ago•10 views

PT-2026-46200

ATTACKERKB•added last week•9 views

Exploits0References6

CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

5.1CVSS4.2AI score0.00035EPSS

Exploits0References6

EUVD•added 2026/05/30 2:55 p.m.•5 views

EUVD-2018-21928

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0009EPSS

CVE•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25406

CVE-2018-25406 affects the eNdonesia Portal 8.7, where multiple SQL injection vulnerabilities allow unauthenticated attackers to run arbitrary SQL queries via mod.php. The attacker can inject SQL through parameters artid, cid, did, contid, and aboutid across modules including publisher, diskusi, ...

8.8CVSS6.2AI score0.0009EPSS

CNNVD•added 2026/05/30 12:0 a.m.•6 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the year parameter, potentially allowing unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0009EPSS

Positive Technologies•added 2026/05/25 12:0 a.m.•8 views

PT-2026-43017

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS5.7AI score0.00049EPSS

EUVD•added 2026/05/14 1:24 p.m.•5 views

EUVD-2026-30279

WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions...

5.1CVSS6AI score0.00088EPSS

Exploits0References3

NVD•added 2026/05/05 12:16 a.m.•5 views

CVE-2026-7788

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...

7.5CVSS0.00066EPSS

NVD•added 2026/04/05 4:16 p.m.•2 views

CVE-2026-5577

A vulnerability has been found in Song-Li crossbrowser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachineapp.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

8.6CVSS0.00055EPSS

Exploits1References4

Positive Technologies•added 2026/04/05 12:0 a.m.•1 views

PT-2026-30446

Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...

8.6CVSS6.7AI score0.00055EPSS

Exploits1References9

Tenable Nessus•added 2026/03/31 12:0 a.m.•1 views

Foxit PDF Editor < 2026.1 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 2026.1. It is, therefore affected by multiple vulnerabilities: - The application's list box calculate array logic keeps stale references to page or form...

7.8CVSS7.6AI score0.00023EPSS

Exploits1References8

NVD•added 2026/03/28 3:16 p.m.•2 views

CVE-2026-5000

A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing authentication. T...

7.5CVSS0.00082EPSS